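---
# Kubemark "hollow node" template. Every {{...}} token is substituted by the
# kubemark launch tooling before this text is handed to the API server, so
# the file is not loadable as YAML until it has been rendered. Indentation is
# structural in YAML; the manifest is written with a consistent 2-space indent
# and indented sequences throughout.
apiVersion: v1
kind: ReplicationController
metadata:
  name: hollow-node
  labels:
    name: hollow-node
    # Expands to an additional label line (or nothing) at this indent level.
    {{kubemark_mig_config}}
spec:
  # Left unquoted on purpose: replicas must render as an integer.
  replicas: {{numreplicas}}
  selector:
    name: hollow-node
  template:
    metadata:
      labels:
        name: hollow-node
        {{kubemark_mig_config}}
    spec:
      initContainers:
        # Raises the host-wide inotify instance limit so the hollow kubelet can
        # watch enough files. Writing a non-namespaced sysctl requires a
        # privileged container, which is why privileged is set here.
        - name: init-inotify-limit
          # Pinned by tag only; tags are mutable, so a digest pin would make the
          # image resolution reproducible if that matters for this test setup.
          image: busybox:1.32
          command: ['sysctl', '-w', 'fs.inotify.max_user_instances=1000']
          securityContext:
            privileged: true
      volumes:
        # Kubeconfigs for the hollow components come from a Secret, never from
        # the pod's own service account.
        - name: kubeconfig-volume
          secret:
            secretName: kubeconfig
        - name: kernelmonitorconfig-volume
          configMap:
            name: node-configmap
        # hostPath mounts below expose host directories to the containers;
        # both are written to by the containers (logs) or needed to reach the
        # host container runtime (containerd). They are only acceptable because
        # this pod is already privileged and runs on dedicated kubemark nodes.
        - name: logs-volume
          hostPath:
            path: /var/log
        - name: containerd
          hostPath:
            path: /run/containerd
        # Empty directory mounted over the projected service-account token path
        # so that node-problem-detector cannot pick up the pod's in-cluster
        # credentials and talk to the real master with them.
        - name: no-serviceaccount-access-to-real-master
          emptyDir: {}
      containers:
        - name: hollow-kubelet
          image: {{kubemark_image_registry}}/kubemark:{{kubemark_image_tag}}
          ports:
            - containerPort: 4194
            - containerPort: 10250
            - containerPort: 10255
          env:
            # The pod name doubles as the hollow node name and log-file suffix.
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          # Flow style is kept because {{hollow_kubelet_params}} is expected to
          # render as zero or more comma-separated quoted entries; a trailing
          # comma before "]" is valid YAML when it renders empty.
          command: [
            "/go-runner",
            "-log-file=/var/log/kubelet-$(NODE_NAME).log",
            "/kubemark",
            "--morph=kubelet",
            "--name=$(NODE_NAME)",
            "--kubeconfig=/kubeconfig/kubelet.kubeconfig",
            "--node-labels={{hollow_node_labels}}",
            {{hollow_kubelet_params}}
          ]
          volumeMounts:
            - name: kubeconfig-volume
              mountPath: /kubeconfig
              readOnly: true
            - name: logs-volume
              mountPath: /var/log
            - name: containerd
              mountPath: /run/containerd
          resources:
            requests:
              cpu: {{hollow_kubelet_millicpu}}m
              memory: {{hollow_kubelet_mem_Ki}}Ki
          # Privileged, presumably for the containerd socket and host log
          # access above — confirm against the kubemark kubelet morph before
          # relaxing this.
          securityContext:
            privileged: true
        - name: hollow-proxy
          image: {{kubemark_image_registry}}/kubemark:{{kubemark_image_tag}}
          env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          command: [
            "/go-runner",
            "-log-file=/var/log/kubeproxy-$(NODE_NAME).log",
            "/kubemark",
            "--morph=proxy",
            "--name=$(NODE_NAME)",
            "--kubeconfig=/kubeconfig/kubeproxy.kubeconfig",
            {{hollow_proxy_params}}
          ]
          volumeMounts:
            - name: kubeconfig-volume
              mountPath: /kubeconfig
              readOnly: true
            - name: logs-volume
              mountPath: /var/log
          resources:
            requests:
              cpu: {{hollow_proxy_millicpu}}m
              memory: {{hollow_proxy_mem_Ki}}Ki
        - name: hollow-node-problem-detector
          image: registry.k8s.io/node-problem-detector/node-problem-detector:v0.8.20
          env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          # NPD is pointed at the real master explicitly (inClusterConfig=false)
          # and authenticates with the npd.kubeconfig from the Secret; the
          # service-account token path is masked by the emptyDir mount below.
          # {{master_ip}} sits inside a double-quoted string, so a rendered IP
          # cannot change the YAML structure of this entry.
          command:
            - /bin/sh
            - -c
            - /node-problem-detector --system-log-monitors=/config/kernel.monitor --apiserver-override="https://{{master_ip}}:443?inClusterConfig=false&auth=/kubeconfig/npd.kubeconfig" --alsologtostderr 1>>/var/log/npd-$(NODE_NAME).log 2>&1
          volumeMounts:
            - name: kubeconfig-volume
              mountPath: /kubeconfig
              readOnly: true
            - name: kernelmonitorconfig-volume
              mountPath: /config
              readOnly: true
            - name: no-serviceaccount-access-to-real-master
              mountPath: /var/run/secrets/kubernetes.io/serviceaccount
              readOnly: true
            - name: logs-volume
              mountPath: /var/log
          resources:
            requests:
              cpu: {{npd_millicpu}}m
              memory: {{npd_mem_Ki}}Ki
          securityContext:
            privileged: true
      # Keep the pod running on unreachable node for 15 minutes.
      # This time should be sufficient for a VM reboot and should
      # avoid recreating a new hollow node.
      # See https://github.com/kubernetes/kubernetes/issues/67120 for context.
      tolerations:
        - key: "node.kubernetes.io/unreachable"
          operator: "Exists"
          effect: "NoExecute"
          tolerationSeconds: 900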